by : Mr India
milw0rm exploit Explanations
In this thread I will try to explain exploits posted on milw0rm. I will give the dorks for them and explain how to use those exploits. You may also ask about any exploit here.
Let's start with today's exploit:
- VidiScript (Avatar) Remote Arbitrary File Upload Vulnerability
http://www.milw0rm.com/exploits/6259
Author : InjEctOr5
Explanation :~
This exploit says we can upload a PHP file instead of an image file on vulnerable sites. To do this, we have to register on the website, go to the profile page, and upload a PHP shell as the avatar. The location of the uploaded avatar can then be found on the same page by viewing the source code; it is in this directory:
site.com/uploads/avatars/
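A defender-side check for the directory named above, as an added example that is not part of the milw0rm advisory or of VidiScript's code: it audits an avatar upload directory for files that are not plain images. The extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Magic-byte prefixes of the image types an avatar upload should accept.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
# Assumed list of extensions a PHP-enabled web server may hand to the interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}

def audit_file(path):
    """Return the reasons a file is suspicious; an empty list means a plain image.
    Every dot-separated extension is checked, so "a.php.jpg" is caught like "a.php"."""
    reasons = []
    parts = os.path.basename(path).lower().split(".")
    if any(p in SCRIPT_EXTS for p in parts[1:]):
        reasons.append("script extension")
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("not an image")
    if b"<?php" in data:  # short open tags are not covered by this check
        reasons.append("embedded PHP tag")
    return reasons

def audit_dir(root):
    """Walk the avatar directory and map relative path -> reasons for flagged files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = audit_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Audit a constructed sample directory (all file contents are made up)."""
    samples = {
        "alice.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "bob.php": b"<?php echo 1; ?>",
        "carol.gif": b"GIF89a<?php echo 1; ?>",
        "dave.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_dir(root)

if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", ", ".join(reasons))
```

On a live site, point `audit_dir` at the real avatar directory; anything it flags should be quarantined and reviewed.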
How to find sites that are using this script:
1). Google Dork
"Free Video Script Powered By VidiScript.com"
(with the quotes)
2). Checking Backlinks to the main site
http://www.backlinkwatch.com/?backlinkurl=http://www.vidiscript.com
By checking backlinks you will find almost all sites that are using the script, but it will also return sites that have merely linked to the main site.